var-201804-1676
Vulnerability from variot
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update Advisory ID: RHSA-2018:2939-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:2939 Issue date: 2018-10-17 CVE Names: CVE-2017-12617 CVE-2018-1260 CVE-2018-1270 CVE-2018-1271 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-7489 ==================================================================== 1. Summary:
An update is now available for Red Hat Fuse Integration Services.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.
Security fix(es):
-
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
-
spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
spring-framework: Possible RCE via spring messaging (CVE-2018-1270)
-
spring-security-oauth: remote code execution in the authorization process (CVE-2018-1260)
-
tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
-
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
-
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
-
tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Updating instructions and release notes may be found at:
https://access.redhat.com/articles/3060411
- Bugs fixed (https://bugzilla.redhat.com/):
1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries 1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
- References:
https://access.redhat.com/security/cve/CVE-2017-12617 https://access.redhat.com/security/cve/CVE-2018-1260 https://access.redhat.com/security/cve/CVE-2018-1270 https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1275 https://access.redhat.com/security/cve/CVE-2018-1304 https://access.redhat.com/security/cve/CVE-2018-1305 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-7489 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW8eNhdzjgjWX9erEAQgCYw//fxaqJeQ2VPWVSwfYTALj1Lvjrx0bTnip T8MKlgYC4PSKZcOmchvC3f01kNljr1CEJaUQWQi1A+is141gjHgV2nFMSGTUBwBK yGSPLD0oLDJWc/7y7qWMxrotEWjROKIQ72AXwjOtcEeSe9vzSmWotexKR0JYUdgw 8GAMlBhyiQagOncOP3JkWnUkTdNryhY9f5tfX7xfXcDDoxjq4rAVqLrCrWZvr4ec P89vACj8PonE+U5DvFrWWH9nKxGcdvnm0ouib/XFB8GJ/jHhRgBsk/CFpDoEEng5 rzFmbt7fm1OKfgFhRCyrxsVQVUbk0d1ATs+Lpu7Ty3fGysW2bN860Hi+20RSWyow ybjLNU9xSHUG9623XTyyVYgRIox991zpHCHsDWwjsV1NxfjdYlJfHGtuHKNeVQzf h71cHuC7o7VhxZFhMFHjp+O71Ow5N6HcrZAtmKrihfhHRVFugXkvFGRl55gqb4rr Y6/dX/H1abVCNGA5kziXQnO0ce/dAdUZ2mb8XRs3UVgt0MIVD1zisE9d52fsRkr/ NygTi1xn4Pmodoth3C209aA4Iaycixmx4F8HoXSTPNUCYrr0FIjBpDJX35TeTcxg /RU/vyHwdAwz/5aJgFDFxILd4z8a9bIpYGMglMU1rB5y/ovuBB4qUU/o4y8aVYzh bunfRFjDlIY=l0NF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1676", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "retail point-of-sale", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.4" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "big data discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.0" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.1.1" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.2" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.1.0.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.2" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.0.0" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "tape library acsls", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.1" }, { "model": "communications performance intelligence center", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.0.5" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.2" }, { "model": "communications diameter signaling router", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.3" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.1" }, { "model": "retail point-of-sale", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "fuse", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0.0" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.2" }, { "model": "retail central office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "4.3.16" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0.3" }, { "model": "retail returns management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.2.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "retail order broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications services gatekeeper", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "6.1.0.4.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0" }, { "model": "retail back office", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.2" }, { "model": "communications converged application server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.0.0.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.0.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0.3" }, { "model": "health sciences information manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3" }, { "model": "retail integration bus", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.1" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.4" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.2" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.1" }, { "model": "spring framework", "scope": "lt", "trust": 0.8, "vendor": "pivotal", "version": "4.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.8, "vendor": "pivotal", "version": "4.3.15" }, { "model": "spring framework", "scope": "lt", "trust": 0.8, "vendor": "pivotal", "version": "5.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.8, "vendor": "pivotal", "version": "5.0.5" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.1" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.4" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.2" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.2.9" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3.14" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3" }, { "model": "spring framework", "scope": "ne", "trust": 0.3, "vendor": "pivotal", "version": "5.0.5" }, { "model": "spring framework", "scope": "ne", "trust": 0.3, "vendor": "pivotal", "version": "4.3.15" } ], "sources": [ { "db": "BID", "id": "103696" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "CNNVD", "id": "CNNVD-201804-245" }, { "db": "NVD", "id": "CVE-2018-1270" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:pivotal_software:spring_framework", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003097" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alvaro Munoz (@pwntester) Micro Focus Fortify.", "sources": [ { "db": "BID", "id": "103696" } ], "trust": 0.3 }, "cve": "CVE-2018-1270", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-1270", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-122685", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-1270", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-1270", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-1270", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-1270", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-201804-245", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-122685", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-1270", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-122685" }, { "db": "VULMON", "id": "CVE-2018-1270" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "CNNVD", "id": "CNNVD-201804-245" }, { "db": "NVD", "id": "CVE-2018-1270" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update\nAdvisory ID: RHSA-2018:2939-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2939\nIssue date: 2018-10-17\nCVE Names: CVE-2017-12617 CVE-2018-1260 CVE-2018-1270\n CVE-2018-1271 CVE-2018-1275 CVE-2018-1304\n CVE-2018-1305 CVE-2018-1336 CVE-2018-7489\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Fuse Integration Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse Integration Services provides a set of tools and containerized\nxPaaS images that enable development, deployment, and management of\nintegration microservices within OpenShift. \n\nSecurity fix(es):\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe\nserialization via c3p0 libraries (CVE-2018-7489)\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* spring-framework: Possible RCE via spring messaging (CVE-2018-1270)\n\n* spring-security-oauth: remote code execution in the authorization process\n(CVE-2018-1260)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nUpdating instructions and release notes may be found at:\n\nhttps://access.redhat.com/articles/3060411\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries\n1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process\n1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-12617\nhttps://access.redhat.com/security/cve/CVE-2018-1260\nhttps://access.redhat.com/security/cve/CVE-2018-1270\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1275\nhttps://access.redhat.com/security/cve/CVE-2018-1304\nhttps://access.redhat.com/security/cve/CVE-2018-1305\nhttps://access.redhat.com/security/cve/CVE-2018-1336\nhttps://access.redhat.com/security/cve/CVE-2018-7489\nhttps://access.redhat.com/security/updates/classification/#critical\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW8eNhdzjgjWX9erEAQgCYw//fxaqJeQ2VPWVSwfYTALj1Lvjrx0bTnip\nT8MKlgYC4PSKZcOmchvC3f01kNljr1CEJaUQWQi1A+is141gjHgV2nFMSGTUBwBK\nyGSPLD0oLDJWc/7y7qWMxrotEWjROKIQ72AXwjOtcEeSe9vzSmWotexKR0JYUdgw\n8GAMlBhyiQagOncOP3JkWnUkTdNryhY9f5tfX7xfXcDDoxjq4rAVqLrCrWZvr4ec\nP89vACj8PonE+U5DvFrWWH9nKxGcdvnm0ouib/XFB8GJ/jHhRgBsk/CFpDoEEng5\nrzFmbt7fm1OKfgFhRCyrxsVQVUbk0d1ATs+Lpu7Ty3fGysW2bN860Hi+20RSWyow\nybjLNU9xSHUG9623XTyyVYgRIox991zpHCHsDWwjsV1NxfjdYlJfHGtuHKNeVQzf\nh71cHuC7o7VhxZFhMFHjp+O71Ow5N6HcrZAtmKrihfhHRVFugXkvFGRl55gqb4rr\nY6/dX/H1abVCNGA5kziXQnO0ce/dAdUZ2mb8XRs3UVgt0MIVD1zisE9d52fsRkr/\nNygTi1xn4Pmodoth3C209aA4Iaycixmx4F8HoXSTPNUCYrr0FIjBpDJX35TeTcxg\n/RU/vyHwdAwz/5aJgFDFxILd4z8a9bIpYGMglMU1rB5y/ovuBB4qUU/o4y8aVYzh\nbunfRFjDlIY=l0NF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-1270" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "BID", "id": "103696" }, { "db": "VULHUB", "id": "VHN-122685" }, { "db": "VULMON", "id": "CVE-2018-1270" }, { "db": "PACKETSTORM", "id": "149847" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1270", "trust": 3.0 }, { "db": "BID", "id": "103696", "trust": 2.0 }, { "db": "EXPLOIT-DB", "id": "44796", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-003097", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.0544", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1395", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201804-245", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "147974", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-97214", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-122685", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-1270", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "149847", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122685" }, { "db": "VULMON", "id": "CVE-2018-1270" }, { "db": "BID", "id": "103696" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "PACKETSTORM", "id": "149847" }, { "db": "CNNVD", "id": "CNNVD-201804-245" }, { "db": "NVD", "id": "CVE-2018-1270" } ] }, "id": "VAR-201804-1676", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-122685" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:30:55.535000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-1270: Remote Code Execution with spring-messaging", "trust": 0.8, "url": "https://pivotal.io/security/cve-2018-1270" }, { "title": "Pivotal Spring Framework Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83088" }, { "title": "Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182939 - Security Advisory" }, { "title": "Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf592ea3b0a1913a29c923afe44cd4b7" }, { "title": "Red Hat: CVE-2018-1270", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-1270" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37" }, { "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315" }, { "title": "CVE-2018-1270", "trust": 0.1, "url": "https://github.com/Venscor/CVE-2018-1270 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1270" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "CNNVD", "id": "CNNVD-201804-245" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-358", "trust": 1.9 }, { "problemtype": "CWE-94", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122685" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "NVD", "id": "CVE-2018-1270" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/103696" }, { "trust": 2.0, "url": "https://pivotal.io/security/cve-2018-1270" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2939" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/44796/" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1270" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1270" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75922" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1395" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-1270" }, { "trust": 0.3, "url": "http://pivotal.io/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-12617" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1260" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-7489" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1271" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1275" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3060411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305" } ], "sources": [ { "db": "VULHUB", "id": "VHN-122685" }, { "db": "BID", "id": "103696" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "PACKETSTORM", "id": "149847" }, { "db": "CNNVD", "id": "CNNVD-201804-245" }, { "db": "NVD", "id": "CVE-2018-1270" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-122685" }, { "db": "VULMON", "id": "CVE-2018-1270" }, { "db": "BID", "id": "103696" }, { "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "db": "PACKETSTORM", "id": "149847" }, { "db": "CNNVD", "id": "CNNVD-201804-245" }, { "db": "NVD", "id": "CVE-2018-1270" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-06T00:00:00", "db": "VULHUB", "id": "VHN-122685" }, { "date": "2018-04-06T00:00:00", "db": "VULMON", "id": "CVE-2018-1270" }, { "date": "2018-04-05T00:00:00", "db": "BID", "id": "103696" }, { "date": "2018-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "date": "2018-10-18T03:51:21", "db": "PACKETSTORM", "id": "149847" }, { "date": "2018-04-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201804-245" }, { "date": "2018-04-06T13:29:00.453000", "db": "NVD", "id": "CVE-2018-1270" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-31T00:00:00", "db": "VULHUB", "id": "VHN-122685" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-1270" }, { "date": "2018-04-05T00:00:00", "db": "BID", "id": "103696" }, { "date": "2018-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003097" }, { "date": "2021-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201804-245" }, { "date": "2024-11-21T03:59:30.477000", "db": "NVD", "id": "CVE-2018-1270" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201804-245" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework Vulnerabilities related to security checks", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003097" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201804-245" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.